WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like what you see? Get it in one document for easy printing!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)
      9  1.4  Attacks
           9  1.4.3  Spoofing

Previous Topic/Section
How TCP/IP Permits Spoofing
Previous Page
Pages in Current Topic/Section
1
Next Page
 Problem #2: An Attacker Can Pretend to Be From A Trusted Host
Next Topic/Section

Problem #1: Spoofing Can Worsen a DoS Attack

In the example of a user browsing a website, this technique is fairly pointless. However, if this technique is used in conjunction with a Denial Of Service attack (as discussed in 1.4.1), an attacker can use this to their advantage. First, they can hide their true source IP address, which, in today’s world of lawsuits against hackers is a fairly strong motivation, making it difficult to trace them. Secondly, they can continually change the source IP address of the DoS packets, making it hard for network administrators to drop the packets at firewalls using source IP address filters. To take it a stage further, an attacker could spoof the source IP address of the DoS packets to make them appear to originate from within the target’s network.

While this technique may not always work, it can give poorly configured firewalls and routers a lot of difficulties. This is why we recommended in section 1.4.1 that you implement router rules against this.

Spoofing

Spoofing is an attack in which packets are made to appear to originate from a system other than the one they really originated from.

If your network monitor or Intrusion Detection System detects that you are receiving packets from the Internet which list an address on your internal network as the source IP address, it is likely that you are experiencing an IP spoofing attack.


Figure 10: By forging IP header information at computer P, computer B falsely responds to computer A. Given enough packets a DoS occurs.

 

Previous Topic/Section
How TCP/IP Permits Spoofing
Previous Page
Pages in Current Topic/Section
1
Next Page
 Problem #2: An Attacker Can Pretend to Be From A Trusted Host
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.